Bitcoin Forum
May 25, 2019, 06:30:38 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: DELTA MONEY - PHISHING - BEWARE  (Read 176 times)
witcher_sense
Sr. Member
****
Online Online

Activity: 532
Merit: 306



View Profile
March 20, 2019, 04:14:16 PM
Merited by tvplus006 (1), Juliya_D (1), lovesmayfamilis (1), JeromeTash (1)
 #1

What happened: Malicious site

Scammers Profile ANN: https://bitcointalk.org/index.php?topic=5122795.0
https://web.archive.org/web/20190320161035/https://bitcointalk.org/index.php?topic=5122795.0


Scammers Website:[/color]
Code:
https://delta.money/


Code:
https://web.archive.org/web/20190320161118/https://delta.money/

Quote
Domain Name: delta.money
Registry Domain ID: 4f044a3148be4319ae54d36368effd4f-DONUTS
Registrar WHOIS Server: who.godaddy.com/
Registrar URL: http://www.godaddy.com/domains/search.aspx?ci=8990
Updated Date: 2019-03-02T05:20:33Z
Creation Date: 2018-02-27T04:08:21Z
Registry Expiry Date: 2020-02-27T04:08:21Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146


https://www.virustotal.com/ru/url/afd31d1a5ebb9d3bf96c52bd4131a3b2cdbf051d9d374390f8368ba0647facd2/analysis/1553098051/

               ▄▄███████▄▄
            ▄███████████████▄
           ███████████████████
          █████████████████████▄▄▄▄
      ▄▄▄████████████████████████████▄
   ▄█████ ▐▌ ██████████████████████████▄
 ▄█████       ▀█         █          ████▄
▐███████  ███  ▐█  ██▀█▄▄█▄▄██  ██▄▄█████
████████       ██     ████████  █████████
████████  ███  ▐█  ██▄█▀▀█████  ████████▀
 ██████       ▄█         ███      █████▀
  ▀██████ ▐▌ ████████████████████████▀
    ▀▀▀██████████████████████████▀▀
       ▄▄▀▀▀██████▄
    ▄██████▀▀███████▀▀▄
  ▄██████▀▄███████████▄▀▄
 ▄█ ███████████████ ████▄▄
▄██████████████████▌▐█████▄
███████████████████████████
▀▄████████▄▄▄▀▀▀████████▀▄
██████████████████████████
▀████ ████████████████████▀
 ▀████ █████████▀▄████ ██▀
  ▀████▄▀█████▀▀▄█████▌▐▀
▄███▀▄██████▄▄████▀▀▄▄▀███▄
▀██████
▀▀████▄▄▄▄▄▀▀██████▀
   ▀▀▀███████████████▀▀▀
         ▄▄▀▀██▀▀▀▀▄▄▄▄▄
      ▄▀▀██▄▄█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
  ▄▄▄▀▀▀█▄▄▄▀▄██████████
▄▀▀█▄▀█▄█▀███████████
▄▀████████▐▌██████
 █▀▄██████████▄████▄████
  ▀▄█████████████████████
   ▀▄█████████▀██████▀███
     ██████████▄██▄█████
      █████████████████████
       ▀▄████████████████
        ▀▄████████████████
          ▀███▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀
1558765838
Hero Member
*
Offline Offline

Posts: 1558765838

View Profile Personal Message (Offline)

Ignore
1558765838
Reply with quote  #2

1558765838
Report to moderator
1558765838
Hero Member
*
Offline Offline

Posts: 1558765838

View Profile Personal Message (Offline)

Ignore
1558765838
Reply with quote  #2

1558765838
Report to moderator
1558765838
Hero Member
*
Offline Offline

Posts: 1558765838

View Profile Personal Message (Offline)

Ignore
1558765838
Reply with quote  #2

1558765838
Report to moderator
PLAY OVER 3000 GAMES
LIGHTNING FAST WITHDRAWALS
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
JeromeTash
Full Member
***
Offline Offline

Activity: 336
Merit: 175


The Owl Dance.


View Profile
March 20, 2019, 04:56:00 PM
 #2

MetaMask and Ether Address Lookup couldn't agree more.

They are asking for people's private keys to open up an account and also telling people to send 1 Ether to some address to receive delta coins


According to https://urlscan.io/result/1af732a7-5848-4d8b-95f3-0c206f980dab

This website contacted 4 IPs in 3 countries across 4 domains to perform 18 HTTP transactions.
The main IP is 78.47.153.144, located in Germany and belongs to HETZNER-AS, DE. The main domain is delta.money.
The TLS certificate was issued by Let's Encrypt Authority X3 on February 20th 2019 with a validity of 3 months.


HOWEYCOINS   ▮      Excitement and         ⭐  ● TWITTER  ● FACEBOOK   ⭐       
  ▮    guaranteed returns                 ●TELEGRAM                         
  ▮  of the travel industry
    ⭐  ●Ann Thread ●Instagram   ⭐ 
✅    U.S.Sec    ➡️
✅  approved!  ➡️
magneto
Hero Member
*****
Offline Offline

Activity: 994
Merit: 600


View Profile
March 20, 2019, 08:47:25 PM
 #3

Seems like an obvious one. They didn't even put the tiniest effort in designing their site, or spelling words correctly.

If anyone asks you for your private key you should be alarmed, whether or not the entity asking you for it seems to be an established project or not. The reason why it's called a private key in the first place is that you're not supposed to share it with anyone, and if you do, then the trustless nature of most cryptos will just not apply anymore.

Also, don't just blindly trust someone just because they have a site. There is no evidence that there are any legitimate development activity happening at all, and they're asking for investments.

Though, I'm not sure whether this is just a blatant scam, or an actual phishing site, because I'm not sure whose site they're trying to impersonate exactly.

JeromeTash
Full Member
***
Offline Offline

Activity: 336
Merit: 175


The Owl Dance.


View Profile
March 20, 2019, 09:24:51 PM
 #4

Though, I'm not sure whether this is just a blatant scam, or an actual phishing site, because I'm not sure whose site they're trying to impersonate exactly.
AFAIK, Phishing generally means an attempt to trick someone to provide their private or sensitive information which could give the attacker access to the victim's electronic accounts.
Website impersonation just happens to be one of the techniques.

HOWEYCOINS   ▮      Excitement and         ⭐  ● TWITTER  ● FACEBOOK   ⭐       
  ▮    guaranteed returns                 ●TELEGRAM                         
  ▮  of the travel industry
    ⭐  ●Ann Thread ●Instagram   ⭐ 
✅    U.S.Sec    ➡️
✅  approved!  ➡️
magneto
Hero Member
*****
Offline Offline

Activity: 994
Merit: 600


View Profile
March 22, 2019, 11:53:01 PM
 #5

Though, I'm not sure whether this is just a blatant scam, or an actual phishing site, because I'm not sure whose site they're trying to impersonate exactly.
AFAIK, Phishing generally means an attempt to trick someone to provide their private or sensitive information which could give the attacker access to the victim's electronic accounts.
Website impersonation just happens to be one of the techniques.

I guess. If we were going off your definition, then the site could certainly be classified as a phishing site given that it's obviously trying to maliciously obtain the private keys of the users.

But they might not actually trying to impersonate anyone's site in particular as you say, since the closest thing I saw to their project is probably Agrello, which was rebranded from delta, and this site currently looks absolutely nothing like what Agrello's site looks like or even the service that they provide.

At the end of the day though, this barely matters. They are a noob-targeting scam, no matter the classification.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!